4 matches found
OS Command Injection in compile-sass
compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExitcssPath" within "dist/index.js" is executed as part of the "rm" command without any sanitization...
GHSA-53XJ-V576-3CH2 OS Command Injection in giting
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument repo of function pull is executed by the package without any validation...
CVE-2019-10802
CVE-2019-10802 affects giting prior to version 0.0.8. The vulnerability arises because the first argument of the pull() function, named repo, is executed by the package without input validation, allowing arbitrary command execution (command injection). Several sources (Red Hat, Snyk, CNVD, GHSA, ...
CVE-2017-5638: Apache Struts Remote Code Execution | Cloud Foundry
Severity Advisory/Critical Vendor Apache Versions Affected Apache Struts 2: 2.3.x versions prior to 2.3.32 2.5.x versions prior to 2.5.10.1 Description The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 1 mishandles file upload, which allows remote...